icedid | 3af16431d6f03ff15bb2fc67692dd1b12cab40b633569012ca31017915aa6aee | Triage

Sharing

General

Target

temp.bin
Size

315KB
Sample

220817-thp59acfg6
MD5

ad3c15ece02704122c5ae5d092022ece
SHA1

d10b7fda94578acc0a4ce55d10b8293a6ef34f58
SHA256

3af16431d6f03ff15bb2fc67692dd1b12cab40b633569012ca31017915aa6aee
SHA512

3c3f1b4a251ab186e748a78eaa58427a54032407f6ea3be583fe8031bab9e976230f910522ff1b7c250d2dc61479e15f83495ccd077ae0ce9d3e5aaa9903693a
SSDEEP

6144:FEsnFEqyLC9x69OYMpkw7b524HWjfBLB9FfOd:FEseqyO69zMt7bYGWjpB9FfOd

Score

10^/10

icedid 2672825827 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2672825827

C2

cementqbilly.com

qaderation.top

dilopmeska.top

carsoveraho.pics

Attributes

auth_var
18
url_path
/news/

Targets

- Target
  
  temp.bin
- Size
  
  315KB
- MD5
  
  ad3c15ece02704122c5ae5d092022ece
- SHA1
  
  d10b7fda94578acc0a4ce55d10b8293a6ef34f58
- SHA256
  
  3af16431d6f03ff15bb2fc67692dd1b12cab40b633569012ca31017915aa6aee
- SHA512
  
  3c3f1b4a251ab186e748a78eaa58427a54032407f6ea3be583fe8031bab9e976230f910522ff1b7c250d2dc61479e15f83495ccd077ae0ce9d3e5aaa9903693a
- SSDEEP
  
  6144:FEsnFEqyLC9x69OYMpkw7b524HWjfBLB9FfOd:FEseqyO69zMt7bYGWjpB9FfOd
Score

10^/10

icedid 2672825827 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid2672825827bankercore_loadertrojan

behavioral2

icedid2672825827bankercore_loadertrojan